CVE-2025-34186
Severity CVSS v4.0:
CRITICAL
Type:
CWE-78
OS Command Injections
Publication date:
16/09/2025
Last modified:
17/09/2025
Description
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Due to the binary's interpretation of non-zero exit codes as successful authentication, remote attackers can bypass authentication and gain full access to the system.
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL